December 8, 2015
The refinement of data center technology has been a process of condensing resources to optimize the use of hardware. With virtualization, hypervisors were implemented to cut down the amount of physical hardware needed to run the same number of applications. Then, the data center itself was virtualized to create a cloud environment. In this light, the next step seems obvious. It’s called Intercloud, and it is the cloud of clouds.
In the same way the internet functions as a network of networks, the Intercloud is a cloud environment composed of an ecosystem of cloud environments. Ultimately, even a cloud environment as massive as Amazon Web Services (AWS) is limited by infrastructure. It has a maximum capacity that can be reached, but if, for example, AWS could extend its capacity beyond its limits by borrowing space in other cloud environments, cloud providers like AWS could have an almost unlimited capacity.
As with all technology, security is a top priority, and Cisco has gone to great lengths to facilitate the adoption of the Intercloud in a safe and secure manner.
A Secure Intercloud Platform
A single ubiquitous cloud ecosystem similar to the internet is a long way off, but Cisco has developed a product that utilizes the Intercloud concept for clients deploying hybrid cloud environments. Cisco Intercloud Fabric is designed to enable companies to expand their resources beyond their hybrid cloud infrastructure to public cloud deployments on demand.
Intercloud Fabric Security Features
- Site-to-site communication: One of the major hurdles involved in Intercloud is establishing a secure connection between the client’s hybrid cloud environment and the public cloud it intends to leverage. Cisco Intercloud Fabric establishes two VMs, one at the client site and one in the public cloud, and uses them as endpoints to create a secure connection. The connection is then encrypted to ensure data can safely travel to and from the client’s environment.
- Secure Shell: Intercloud Fabric creates a secure shell (SSH) around each VM involved in the client’s hybrid cloud deployment. It accomplishes this feat through a number of crucial security features.
  - VMs are identified and labeled as “trusted” using preshared SSH keys.
  - Communication between VMs is encrypted, and different encryption strengths can be utilized to tighten security around business-critical data.
  - Using cloud security groups, IT administrators can restrict access of cloud VM public interfaces to designated IP addresses.
- Role-based Access Control (RBAC) on Cloud Resources: Through Intercloud Fabric, IT administrators can enact role-based access to select cloud resources. For example, policies can dictate that certain departments only use certain cloud providers. In this way, IT administrators gain greater control of user activity, and when a department bursts into the public cloud for a project, they can be funneled toward the cloud provider best suited to their needs.
- Zone-based Firewall: A zone-based firewall is designed to protect the data traveling “east to west” between virtual machines within an environment. This concept is extended into the Intercloud Fabric Solution. Zone-based firewalls are deployed within the public cloud provider’s environment as well as the hybrid environment to enforce policy between accessed virtual machines. IT administrators can now maintain a consistent security policy across their entire cloud solution.
About Mindsight
Mindsight, a Chicago IT consultancy and services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We’ve always prided ourselves in delivering the full spectrum of IT services and solutions, from design and implementation to support and management. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for a local business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.